Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot

Installing DNS plugins

Certbot's DNS plugins are available for your system. These
plugins can be used to automate obtaining a wildcard certificate from Let's
Encrypt's ACMEv2 server. To use one of these plugins, you must have configured
DNS for the domain you want to obtain a certificate for with a DNS provider
that Certbot has a plugin for. A list of these plugins and more information
about using them can be found here.
To install one of these plugins, run the installation command above but replace
certbot with python3-certbot-dns-PLUGIN, where PLUGIN
is the name of the plugin you want to install. For instance, for the RFC2136
plugin this would be python3-certbot-dns-rfc2136.

Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic
installation you should probably use the certonly command to obtain your
certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain
your certificate. If you already have a webserver running, we recommend
choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin,
which can work with the webroot directory of any webserver software:

This command will obtain a single cert for example.com,
www.example.com, thing.is, and m.thing.is; it will
place files below /var/www/example to prove control of the first two
domains, and under /var/www/thing for the second pair.

Note:

To use the webroot plugin, your server must be configured to serve files from hidden directories. If /.well-known is treated specially by your webserver configuration, you might need to modify the configuration to ensure that files inside /.well-known/acme-challenge are served by the webserver.

To obtain a cert using a built-in “standalone” webserver (you may need to
temporarily stop your existing webserver, if any) for example.com and
www.example.com:

You can also use one of Certbot's DNS plugins to obtain a certificate if it's
installed and you have configured DNS for the domain you want to obtain a
certificate for with the DNS provider matching the plugin. To see more
information about using these plugins, click
here. If you want to use one of
these plugins with Let's Encrypt's new ACMEv2 server that will issue wildcard
certificates, you'll also need to include the following flag on the command
line:

--server https://acme-v02.api.letsencrypt.org/directory

Automating renewal

The Certbot packages on your system come with a cron job that will
renew your certificates automatically before they expire. Since Let's Encrypt
certificates last for 90 days, it's highly advisable to take advantage of this
feature. You can test automatic renewal for your certificates by running this
command:

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot

Installing DNS plugins

Certbot's DNS plugins are available for your system. These
plugins can be used to automate obtaining a wildcard certificate from Let's
Encrypt's ACMEv2 server. To use one of these plugins, you must have configured
DNS for the domain you want to obtain a certificate for with a DNS provider
that Certbot has a plugin for. A list of these plugins and more information
about using them can be found here.
To install one of these plugins, run the installation command above but replace
certbot with python3-certbot-dns-PLUGIN, where PLUGIN
is the name of the plugin you want to install. For instance, for the RFC2136
plugin this would be python3-certbot-dns-rfc2136.

Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic
installation you should probably use the certonly command to obtain your
certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain
your certificate. If you already have a webserver running, we recommend
choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin,
which can work with the webroot directory of any webserver software:

This command will obtain a single cert for example.com,
www.example.com, thing.is, and m.thing.is; it will
place files below /var/www/example to prove control of the first two
domains, and under /var/www/thing for the second pair.

Note:

To use the webroot plugin, your server must be configured to serve files from hidden directories. If /.well-known is treated specially by your webserver configuration, you might need to modify the configuration to ensure that files inside /.well-known/acme-challenge are served by the webserver.

To obtain a cert using a built-in “standalone” webserver (you may need to
temporarily stop your existing webserver, if any) for example.com and
www.example.com:

You can also use one of Certbot's DNS plugins to obtain a certificate if it's
installed and you have configured DNS for the domain you want to obtain a
certificate for with the DNS provider matching the plugin. To see more
information about using these plugins, click
here. If you want to use one of
these plugins with Let's Encrypt's new ACMEv2 server that will issue wildcard
certificates, you'll also need to include the following flag on the command
line:

--server https://acme-v02.api.letsencrypt.org/directory

Automating renewal

The Certbot packages on your system come with a cron job that will
renew your certificates automatically before they expire. Since Let's Encrypt
certificates last for 90 days, it's highly advisable to take advantage of this
feature. You can test automatic renewal for your certificates by running this
command: